Download presentation

Presentation is loading. Please wait.

Published byEileen Cole Modified about 1 year ago

1
Doctorate Dissertation, L’Aquila, March 31 st 20091 Managing Security Issues in Advanced Applications of Wireless Sensor Networks PhD Candidate: Ing. Marco Pugliese Advisor: Prof. Fortunato Santucci PhD School Coordinator: Prof. Giuseppe Ferri Università degli Studi dell'Aquila Dipartimento di Ingegneria Elettrica e dell’Informazione Corso di Dottorato di Ricerca Ingegneria Elettrica e dell’Informazione XXI Ciclo A.A. 2007-08 SSD: ING/INF 03 Telecommunications

2
Doctorate Dissertation, L’Aquila, March 31 st 20092 Data Sampling Command Dissemination Data Collection Challenges Example of WSN-based Health Monitoring System [source: Culler, D., et al., “Health Monitoring of Civil Infrastructures Using Wireless Sensor Networks,” SensorNet Architecture meeting, Nov. 2006]

3
Doctorate Dissertation, L’Aquila, March 31 st 20093 Link Layer Cryptography Intrusion Detection System cross-layer Secure Platform Securing the Monitoring System Base Station (sink) External server BS Monitoring domains

4
Doctorate Dissertation, L’Aquila, March 31 st 20094 Objective & Methodology O. Design and implementation of a comprehensive cross-layer framework to provide WSN-based monitoring services with security (data confidentiality, data / entity authentication) and reliability (data integrity, service availability) Pilot project WINSOME ( WI reless sensor N etwork-based S ecure system f O r structural integrity M onitoring and al E rting) developed at DEWS premises. M. R&D approach: – Cross-layer domain (link layer + net layer + appl. layer) – Integration of the “traditional” security techniques with novel components and Cost Rebalancing ( computation time and memory usage ) to comply with WSN resource constraints – Design Optimization ( platform-based system design, PBD) – Modular SW Development ( component-based sw design ) – Dynamic Distributed Application Architecture ( mobile agent- based )

5
Doctorate Dissertation, L’Aquila, March 31 st 20095 Outline WINSOME PBD (I) Underlying Physical WSN Deployment Underlying Logical WSN Deployment (ARCHEA) Link Layer Cryptographic Scheme (TAKS) WPM-based IDS WINSOME PBD (II) Next steps (near-term) Next steps (mid-term)

6
Doctorate Dissertation, L’Aquila, March 31 st 20096 Distributed Architecture Platform-Based Model Underlying WSN Deployment Secure Platform Application Execution Environment (AEE) Application A 1 Applications SW component SW component Sensor Node Sensor Node Sensor Node Sensor Node Sensor Node Application A 2 Application A n Local memory MW services Shared memory

7
Doctorate Dissertation, L’Aquila, March 31 st 20097 Agent-based Distributed Architecture Platform-Based Model Underlying WSN Deployment Secure Platform Mobile Agent Application Execution Environment (MA-AEE) Agent-based Applications SW component SW component Sensor Node Sensor Node Sensor Node Sensor Node Sensor Node Agent A 1 AgentA 2 AgentA n Local memory MA-MW services Shared memory

8
Doctorate Dissertation, L’Aquila, March 31 st 20098 WINSOME PBD (I) Underlying WSN Deployment Mobile Agent Application Execution Environment (MA-AEE) IDS Agent comp. Monitoring Applications IDS Core comp. Link layer Cryptography WSN Topology Manager Secure Platform Sensor Node Sensor Node Sensor Node Sensor Node Sensor Node Integrity Monitoring Agent other agents MA-MW services Shared memory Local memory

9
Doctorate Dissertation, L’Aquila, March 31 st 20099 WINSOME PBD (I) AGILLA-based MA-AEE ARCHEA ( A vailable R esource C luster H ead E lection A lgorithm) TAKS ( T opology A uthenticated symmetric K ey S cheme) WPM-based IDS ( W eak P rocess M odel based I ntrusion D etection S ystem)

10
Doctorate Dissertation, L’Aquila, March 31 st 200910 Underlying WSN Physical WSN Deployment Q. Given a set of Sensor Nodes, find the class of WSN physical deployments (geometrical nodes distributions) compliant to coverage (redundancy vs. reliability) and resource requirements. Coverage-Cost Quality Indicators Conditions for lossless / lossy detection Min. Redundancy Configuration Max. Reliability Configuration A.

11
Doctorate Dissertation, L’Aquila, March 31 st 200911 Underlying WSN Logical WSN Deployment (Network Topology) Dynamic Clustered Spanning Tree (DCST). It represents a design assumption motivated by: –Cluster Heads (CHs) assigned on-demand (by a Cost Function) –Support to “data centric” applications (functions → data) –“Table-less” routing protocols –Support to data aggregation / fusion (at CHs) –Support the mobile agent propagation from CHs to their CMs CH BS CH BS

12
Doctorate Dissertation, L’Aquila, March 31 st 200912 Underlying WSN Planned Network Topology Planned Network Topology (PNT graph). Defines the graph including the sub-set of DCSTs compliant to the specific constraints defined by the Planner (→ admissible DCSTs ) –Each node knows its admissible neighbors How many DSCT in a given PNT? Kirchhoff’s Theorem. N, the nodes in the network; average neighbors per node 4 7 1 2 3 5 6 N = 7 3.4 220 σ(1) = 3 σ(2) = 3 σ(3) = 6 σ(4) = 3 σ(5) = 3 σ(6) = 3 σ(7) = 3 2 36 1 45 8 97 N = 9 4.4 15600 σ(1) = 3 σ(2) = 5 σ(3) = 8 σ(4) = 5 σ(5) = 3 σ(6) = 5 σ(7) = 3 σ(8) = 3 σ(9) = 5

13
Doctorate Dissertation, L’Aquila, March 31 st 200913 WSN Topology Manager (ARCHEA) A. ARCHEA defines a Cost Function to elect CHs among a set of eligible nodes, such that the resulting DCST is the shortest balanced DCST among the possible choices. Q. Given a WSN physical deployment and a Planned Network Topology, find the class of “short” and “balanced” admissible DCSTs compliant to resource requirements. Route-Cost Quality Indicators It includes the conditions to preserve spanning trees in WSN [Sec. 5.2]. It is shown [Sec. 5.4] that the elected CH has minimum Hop Count (h CH ) to sink and maximum number of CM [σ(CH)] respect to the other eligible nodes (→ balanced cluster sizes) Short and balanced DCST. It represents a design assumption motivated by –Reduced code transmission hops (for mobile agent propagation) –Augmented reliability in data aggregation at CHs –ARCHEA and routing messages can be crypto-secured

14
Doctorate Dissertation, L’Aquila, March 31 st 200914 TAKS Driving Ideas & Tools Link layer Cryptography provides security against outsider intruders. TAKS are symmetric, pair-wise, no pre-distributed (only key components are pre-distributed) TAKS is deterministic TAKs are symmetric keys generated using asymmetric mechanisms (hybrid cryptography) Network Topology Authentication as pre-condition for TAK generation Cryptographic Entropy per TAK binit 1 bit (for any TAK length ) Certification Authority is distributed on nodes of the admissible DCSTs Reverse engineering problem more complex than Discrete Logarithm Problem (DLP) Cryptographic information is classified in public / restricted / private / secret Vector algebra on GF(q) with q = 2 k and k the TAK length in binit

15
Doctorate Dissertation, L’Aquila, March 31 st 200915 TAKS Topology Authentication Network Topology Authentication as pre-condition for TAK generation If the Planner is also Certifier: –Planned Network Topology → Certified Network Topology –Admissible DCST → Authenticated DCST Node in an A uthenticated DCST becomes local CA because it knows its admissible neighbors –Centralized CA → Distributed CA TAK can be generated in a node pair only if mutual authentication has been successful: therefore the resulting DCST is both admissible and authenticated.

16
Doctorate Dissertation, L’Aquila, March 31 st 200916 TAK Generation TAK Authentication Theorem [Sec. 6.4.1] TAK Generation Theorem [Sec. 6.4.2] f(.) and V(.)f(.) and V(.) [Sec. 6.4] are public ( Kerchoff’s principle ) private restricted Local Conf. Data [Sec. 6.4]

17
Doctorate Dissertation, L’Aquila, March 31 st 200917 Security Analysis Q. Is TAK a real cryptographic key? I.e. which is the cryptographic entropy per binit associated to TAK? A. It is shown [Sec. 6.5.1] that TAK Cryptographic Entropy per binit is ≈ 1TAK Cryptographic Entropy Q. How much a single node is secure? I.e. how much complex is the inverse problem to break TAK Generators from the cryptographic information available on a single node (security level in a single node) ? A. It is shown [Sec. 6.5.2] that is harder than Discrete Logarithm Problemharder than Discrete Logarithm Problem Q. How much a network is secure? I.e. how many nodes should be compromised to derive TAK Generators from the cryptographic information available on the network (security level in the network)? A. It is shown [Sec. 6.5.3] that TAKS scheme is N-secureN-secure

18
Doctorate Dissertation, L’Aquila, March 31 st 200918 Cost Analysis MICA2: 8-bit processor ATMega128L @ 7.4 MHz, assuming 20 clock cycles per arithmetic / logic operation, the average computation time per 32-bit operation is 3 s. IMOTE: 32-bit processor PXA271Xscale @ {312, 416} MHz, assuming 5 clock cycles per arithmetic / logic operation, the average computation time per 32- bit operation is 0.03 s (assuming a conservative 300 MHz clock). Memory usage is bits.

19
Doctorate Dissertation, L’Aquila, March 31 st 200919 Intrusion Alarm Generation : issues alarms according to a predefined Anomaly Detection Logic (ADL) and threat models Intrusion Reaction Logic (IRL) : defines the defence strategy (schedule of interventions) and tracks correlated alarms Intrusion Reaction Logic Application (IRLA) : reacts to intrusion by applying the suited countermeasures (link release, putting compromised nodes in quarantine, distributing black lists / grey lists, ….) Reference IDS Macro-functions Intrusion Alarm Generation Local Conf. Data Intrusion Reaction Logic Intrusion Reaction Application Control messages

20
Doctorate Dissertation, L’Aquila, March 31 st 200920 WPM-based IDS Driving Ideas & Tools IDS provides security against insider intruders. Incoming message Anomaly Rules Observables Behavior is modelled using WPM WPM (Weak Process Model) vs HMM (Hidden Markov Model) –Deterministic vs. stochastic observable-state relationships –“0-1” reachability rules for observable-state relationships Classification of WPM states according to their topological position within the WPM machine (e.g. LPA, HPA states) and according to the associated “threat observables” (e.g. UPA states) Threat Observables States Traces Scores Alarm Countermeasures WPM (Weak Process Model) vs HMM (Hidden Markov Model) –“possible states traces” vs. “the most probable states trace” (Viterbi) –Possible states traces are equi-probable Alarm generation when at least a states trace contains at least an HPA –Scores (weights) associated to state traces

21
Doctorate Dissertation, L’Aquila, March 31 st 200921 WPM-based IDS Micro-functions Defence Strategy Anomaly Detection Logic Threat Model Alarm Tracking Countermeasure Application Local Conf. Data Control messages

22
Doctorate Dissertation, L’Aquila, March 31 st 200922 WPM-based IDS Information Flow Defence Strategy Anomaly Detection Logic Threat Model Alarm Tracking Countermeasure Application Local Conf. Data Signalling IE xkxk okok Al[s k ] cm(s) Control messages

23
Doctorate Dissertation, L’Aquila, March 31 st 200923 WPM-based Anomaly Detection Model o 6 = 3, 1, 4, 2, 5, 6 al[01|01] al[02|00] 1 100 99 -100 1 100 -100 99 -99 0 L = 1, H = 100 LPA HPA Score Matrix S Score Computation WPM Algebraic Canonical Form k=1 k=2k=3k=4k=5k=6 WPM States Traces

24
Doctorate Dissertation, L’Aquila, March 31 st 200924 Threats from insider intruders HELLO Flooding SINKHOLE inter-cluster WORMHOLEintra-cluster WORMHOLE (HF)(SH) (WH)

25
Doctorate Dissertation, L’Aquila, March 31 st 200925 Examples of Anomaly Rules AR1. If n E has authenticated node n E, node n E declares h E < h i, with h i ≠ 0 (in other words node n E introduces itself as the new CH of n i but the current CH of n i is still alive), then o k = o 1 ; AR2. If n i is CH and (rule AR1 or rule AR2) in n j is true, then o k = o 2 ; This AR enables the “threat observables“ back-propagation AR3. If n i has authenticated node n E and node n E declares h E h i (in other words node n E introduces itself as a new cluster member M), then o k = o 3 ; This AR produces an ambiguous observable (Undecided Threat Obs.) The observable o k = o 9 is produced if no observables for a sequence of K observation steps, with K a predefined threshold. …

26
Doctorate Dissertation, L’Aquila, March 31 st 200926 WPM-based Single Threats Models HELLO Flooding SINKHOLE WORMHOLE (HF) (SH) (WH)

27
Doctorate Dissertation, L’Aquila, March 31 st 200927 Al[s k ] Aggregated Threat Model (I) Al[s k ]

28
Doctorate Dissertation, L’Aquila, March 31 st 200928 (HF) (SH) (WH) Security Analysis (HF) (WH) (SH) ATM STM

29
Doctorate Dissertation, L’Aquila, March 31 st 200929 Security Analysis (WH) (SH)

30
Doctorate Dissertation, L’Aquila, March 31 st 200930 Aggregated Threat Model (II) UPA state

31
Doctorate Dissertation, L’Aquila, March 31 st 200931 Cost Analysis MICA2: 8-bit processor ATMega128L @ 7.4 MHz), and assuming 20 clock cycles per arithmetic / logic operation, the average computation time per 32- bit operation is 3 s. IMOTE: 32-bit processor PXA271Xscale@{312, 416} MHz), and assuming 5 clock cycles per arithmetic / logic operation, the average computation time per 32-bit operation is 0.03 s (assuming a conservative 300 MHz clock). Memory usage is bytes.

32
Doctorate Dissertation, L’Aquila, March 31 st 200932 AGILLA MA-AEE AGILLA is a mobile agent-based MW running on TinyOS Inter-agent communication via Tuple Space (→ threat obs. aggregation) Agents migrates via MOVE or CLONE (→ agent propagation across DCST) STRONG or WEAK agent migration Neighbor List (→ admissible neighbors according to PNT graph) migrate / clone MA-AEE [source: Fok, C.-L., et al., “Agilla: A Mobile Agent Middleware for Sensor Networks,” Tech. Report, WUCSE-2006-16, 2006]

33
Doctorate Dissertation, L’Aquila, March 31 st 200933 Enhanced AGILLA MA-AEE Underlying WSN Deployment Secure Platform AGILLA MA-AEE Agent-based Applications SW component SW component Sensor Node Sensor Node Sensor Node Sensor Node Sensor Node Agent A 1 AgentA 2 AgentA n Local memory AGILLA services Tuple space

34
Doctorate Dissertation, L’Aquila, March 31 st 200934 IDS Functions Mapping IRA Defense Strategy Anomaly Detection Logic Alarm Tracking Countermeasure Application Control messages Threat Model LCD IDS Core comp. IRA IDS MA comp. I ntrusion R eaction A gent

35
Doctorate Dissertation, L’Aquila, March 31 st 200935 IRA forward-propagation vs. Threat Observables back-propagation IRA Al[s], o k IRA clone 1 AGILLA MA-AEE 4 5 Al[s], o k 3 AGILLA MA-AEE 6 2 IRA clone This mechanism avoids the injections of new IRA instances from the sink

36
Doctorate Dissertation, L’Aquila, March 31 st 200936 WINSOME PBD (II) Underlying WSN Deployment AGILLA MA-AEE IRA Monitoring Applications Sensor Node Sensor Node Sensor Node Sensor Node Sensor Node Integrity Monitoring Agent other agents Anomaly Detection Logic Threat Model TAKS ARCHEA Secure Platform NetManager LCD Tuple Space AGILLA services IDS core comp.

37
Doctorate Dissertation, L’Aquila, March 31 st 200937 Secure Platform internal Structure AGILLA MA-AEE cm[s] okok al[s k ] Comms Net Manager al[s k ] cm[s] okok Secure Platform Control Msgs Tuple Space IRA TM okok Hp_x k okok ADL IRLIRLA LCD

38
Doctorate Dissertation, L’Aquila, March 31 st 200938 Next steps (near-term) Finalization of WINSOME components development –on-going implementations of AGILLA enhancements 2 theses finalized, 1 thesis in on-going Extensions of WPM-based IDS to data messages –on-going jointly with UC Berkeley Enhancements of WPM technique to reduce false positives Extension of TAKS to cluster keys

39
Doctorate Dissertation, L’Aquila, March 31 st 200939 Next steps (mid-term) Anomaly Detection applied to sensed data Agent based SW design Further WPM-based Threat Modeling Detection Process Threat Identification Mechanisms Applications to Hybrid Systems Control Monitoring Theory MW Service Support Enhancement Cooperative Communications WINSOME Project Defence Strategies

40
Doctorate Dissertation, L’Aquila, March 31 st 200940 Scientific Contributions [1]M. Pugliese and F. Santucci, “Pair-wise Network Topology Authenticated Hybrid Cryptographic Keys for Wireless Sensor Networks using Vector Algebra,” in 4 th IEEE International Workshop on Wireless Sensor Networks Security (WSNS08), Atlanta, 2008. [2]M. Pugliese, A. Giani and F. Santucci, “A Weak Process Approach to Anomaly Detection in Wireless Sensor Networks,” in 1 st International Workshop on Sensor Networks (SN08), Virgin Islands, 2008.

41
Doctorate Dissertation, L’Aquila, March 31 st 200941 In preparation M. Pugliese, A. Giani, and F. Santucci, “Weak Process Models for Attack Detection in a Clustered Sensor Network using Mobile Agents,” submitted to the 1 st International Conference on Sensor Systems and Software (S-Cube 2009) M. Pugliese and F. Santucci, “A Comprehensive Cross-Layer Framework for Secure Monitoring Applications based on WSN” M. Pugliese, L. Pomante, and F. Santucci, “Agent-based Design and Implementation of a Cross-Layer Framework for Secure Monitoring Applications based on WSN”

42
Doctorate Dissertation, L’Aquila, March 31 st 200942 Acronyms ADLAnomaly Detection Logic ARAnomaly Rules AGILLAAGile bombILLA ARCHEAAvailable Resource Cluster-Head Election Algorithm DCSTDynamic Clustered Spanning Tree DLPDiscrete Logarithm Problem GFGalois Field HMMHidden Markov Model HPAHigh Potential Attack IDSIntrusion Detection System IRAIntrusion Reaction Agent IRLIntrusion Reaction Logic LCDLocal Configuration Data LPALow Potential Attack TAKSTopology Authenticated Key Scheme TGMPTAK Generation Management Protocol WINSOMEWIreless sensor Network-based Secure system fOr structural integrity Monitoring and alErting WMLWPM Memory Length WPMWeak Process Model WSNWireless Sensor Network

43
Doctorate Dissertation, L’Aquila, March 31 st 200943 Grazie per l’Attenzione

44
Doctorate Dissertation, L’Aquila, March 31 st 200944 BACKUP SLIDES

45
Doctorate Dissertation, L’Aquila, March 31 st 200945 Underlying WSN Physical WSN Deployment Metrics: – Sensor Node Density (SND). It is defined as the ratio between the number of sensor nodes and the aggregated coverage (supposing circular areas r = 1) generated by each sensor node. – Overlapping Detection Spot Percentage (ODSP). It is defined as the percentage of the aggregated overlapped coverage generated by all SND respect to the coverage area generated by a generic sensor node. Coverage-cost criteria: –Minimize SND*ODSP to mimimize coverage redundancy for a given SND; –Minimize SND/ODSP to maximize coverage reliability for a given SND.

46
Doctorate Dissertation, L’Aquila, March 31 st 200946 Underlying WSN Coverage-cost Quality Indicators The minimum for the product SND·ODSP returns the physical node distribution which minimizes coverage redundancy (fundamental cell with SNs at the centre of an hexagon ). The minimum for the ratio SND/ODSP returns the physical node distribution which maximizes coverage reliability (fundamental cell with SNs at the centre of an hexagon ).

47
Doctorate Dissertation, L’Aquila, March 31 st 200947 18 23 5 11 4 17 8 1 20 15 9 21 24 19 25 166 13 10 22 123 2 7 14 Underlying WSN DCST Deployment

48
Doctorate Dissertation, L’Aquila, March 31 st 200948 11 4 17 8 1 20 15 9 21 24 19 25 6 13 10 22 2 7 14 18 23 5 16 123 Underlying WSN DCST Self-Organization

49
Doctorate Dissertation, L’Aquila, March 31 st 200949 11 17 8 1 20 15 9 21 24 19 25 6 13 10 22 2 7 14 18 23 5 16 123 4 Underlying WSN DCST Self-Organization

50
Doctorate Dissertation, L’Aquila, March 31 st 200950 17 8 1 20 15 9 21 24 19 25 6 13 10 22 2 7 14 16 12 5 18 23 3 4 11 Underlying WSN DCST Self-Organization

51
Doctorate Dissertation, L’Aquila, March 31 st 200951 17 1 20 15 9 21 24 19 25 6 13 10 22 2 7 14 16 12 5 18 23 3 4 11 8 Underlying WSN DCST Self-Organization

52
Doctorate Dissertation, L’Aquila, March 31 st 200952 17 1 20 15 9 21 24 19 25 6 13 10 22 2 7 14 16 12 5 18 23 3 4 11 8 Underlying WSN DCST Self-Organization

53
Doctorate Dissertation, L’Aquila, March 31 st 200953 Underlying WSN Route-cost Quality Indicators The ratio between the number of deployed Cluster Heads and the deployed nodes in the network. The ratio between the number of deployed neighbors per node and the number of logical “planned” neighbors per node applied to the deployed Cluster Heads. The ratio between the sum of all hop counts to reach all nodes in the network and the minimum hop count to reach the most distant “planned” node applied to the deployed nodes in the network.

54
Doctorate Dissertation, L’Aquila, March 31 st 200954 Let GF(q) with q = 2 k be an extended Galois Field where p is a prime and k is an integer for which q >> N, where N is the total number of nodes in the network, and q-1 has a suitable large prime divisor (1). Let U be a vector field over GF(q). Any u U is a 3-pla where u x u y u z are elements in GF(q). Let a function satisfying the following requirements: R1. Be a one-way function R2. must hold for where is an arbitrary commutative operator. Let V(.) a 2-variable function satisfying the following requirements: R3. Be a one-way function R4. V(v,v’) = 0 only for a particular sub-set of values v,v’ V U The explicit expressions for and are public. (Kerchoff’s principle) TAKS Definitions (1/2) f(.) and V(.) (1) This restriction on the values for q is not mandatory but when applied any reverse engineering technique for TAK becomes harder.

55
Doctorate Dissertation, L’Aquila, March 31 st 200955 a.Let A U, M U; Elements in A are defined as follows: a, a’ A if m M exists such that m (a× a’) ≠ 0. A and M are secret. b.Let b B GF(q) not a generator) in B. B is secret. c.Let c C U. C is secret. d.Let the explicit expression for where m M satisfied Ass. (a) and k GF(q) is an arbitrary constant. The definition for f(.) is compliant to R1 and R2 because: for where (hereafter omitted) is the mod q product. e.Let k l, k’ l KL U ( private ) and k t, k’ t KT U ( restricted ) be the Loc.Key.Comp. and Tr.Key.Comp. for node n i and n j respectively. f.Let t T U ( restricted ) be the Loc.Pld.Top. such that for the generic k t KT is tk t = 0 The explicit expressions for k l and k t are public ( Kerchoff’s principle) TAKS Definitions (2/2) Local Configuration Data

56
Doctorate Dissertation, L’Aquila, March 31 st 200956 TAK Generation Theorem k ti, k li k tj, k lj k tj k ti s = mf(a)s’ = mf(a’) For any f(.) compliant to R2: nini njnj

57
Doctorate Dissertation, L’Aquila, March 31 st 200957 TAK Authentication Theorem In a node pair n i and n j, if t σ(i) exists such that g(t, k tj ) = t k tj = 0, then node n j is authenticated by node n i. Viceversa if t σ(j) exists such that g(t, k ti ) = t k ti = 0, then node n j is authenticated by node n i. (mutual authentication). Suppose the pair n i -n j Loc.Pld.Top i = σ(i) = {t i } where each vector t i ( Topology Vector for node i ) corresponds to each logical “planned” neighbors for node i. TAK authentication needs of: – Tr.Key.Comp j vector k tj from node n j (the prover) – Loc.Pld.Top i vector t for node n i (the verifier). –If k tj · t i = 0 then node n j is admissible, i.e. included in the Planned Network Topology. The verification function g(.) is defined as the scalar product between t and k t : this choice for g(.) is compliant to requirements R3 and R4.

58
Doctorate Dissertation, L’Aquila, March 31 st 200958 WPM-based Threat Model Definitions States set is X = (x 1, x 2, …, x n ) ; X is n × 1 Individual state x at step k is defined by x k = x 1, x 2, …, x k , x i X with x 0 (k=0) the initial state Observables set is O = (o 1, o 2, …, o q ) ; O is q × 1 Individual observable at step k is defined by o k = o 1, o 2, …, o k with o i O State Transition Distribution Matrix A (n × n): a ij =1 if p(x k+1 =x j |x k =x i )=1; a ij =0 otherwise; Emission Distribution Matrix B (q × n): b ij =1 if p(o k =o j |x k =x i )=1; b ij =0 otherwise; Hypothetic Engaged States at step k is the sub-set of possible (hidden) states associated to the observable o k : Hp_x k = B T o k Hypothetic Free States at obs. step i : Free_x i = x i - (x i Hp_x i ) Hypothetic States Trace at obs. step k : Tr k = i=1 (x k A Free_x i ) k-1

59
Doctorate Dissertation, L’Aquila, March 31 st 200959 WPM-based Threat Model Algebraic Canonical Form i-th column gives the states reachable from the i-th state i-th column gives the observables of the i-th state

60
Doctorate Dissertation, L’Aquila, March 31 st 200960 WPM-based Threat Model Generation of Hypothetic States Traces x 2 =Ax 1 o 2 = 1 x 2 = 1 x 2 = 5 x 2 =B t o 2 x 4 =Ax 3 x 3 =Ax 2 o 1 = 3 x 1 = 4 x 1 = 5 x 1 =B t o 1 4 5 x 6 =Ax 5 x 5 =Ax 4 3 Tr 1 6 =1,2,4,5 Tr 2 6 =1,3,5 1 5 o 3 = 4 x 3 = 2 x 3 = 3 x 3 =B t o 3 o 4 = 2 x 4 = 3 x 4 =B t o 4 o 5 = 5 x 5 = 4 x 5 =B t o 5 o 6 = 6 x 6 = 1 x 6 = 5 x 6 =B t o 6 2 3 4 1 5

61
Doctorate Dissertation, L’Aquila, March 31 st 200961 Assuming a WPM-based threat model (A, B, x 0 ), 2 hazard levels for an attack can be defined: – Low Potential Attack (LPA). An attack is considered low potentially dangerous ” (or in a LPA state) if the threat is currently in a state x j which is at least 2 hops to the final state. – High Potential Attack (HPA). An attack is considered high potentially dangerous (or in a HPA state) if the threat is currently in a state x j which is 1 hop to the final state. Alarms al[s k ] are issued when the attack has reached an HPA state. WPM-based Threat Model Hazard levels in an attack

62
Doctorate Dissertation, L’Aquila, March 31 st 200962 WPM-based Threat Model Score Matrix S Score Computation Theorem [Sec. ] states that: if node n j is an LPA state, the total score in n j is s j = L. if node n j is an HPA state, the total score in n j is s j = H. If node n j is neither LPA nor HPA or is a final state, the total score in n j is s j = 0. and if: with and A State Transition Distribution matrix then

63
Doctorate Dissertation, L’Aquila, March 31 st 200963 Hypothetic Free States (Free_x k ) k obs. WML Threat Score Computation

64
Doctorate Dissertation, L’Aquila, March 31 st 200964 Security Analysis Entropy associated to TAK Theorem on TAK Entropy : TAK entropy per binit is ≈ 1

65
Doctorate Dissertation, L’Aquila, March 31 st 200965 Security Analysis Security Level in a single node The cryptographic robustness of TAK generation scheme is based on the difficulty on computing discrete logarithms (the well-known Discrete Logarithm Problem (DLP)): In this case the problem is harder to solve than the classic DLP because equations are not pure exponentials.

66
Doctorate Dissertation, L’Aquila, March 31 st 200966 Security Analysis Security Level in a network In case a node has been captured, the following non-algebraic equations system should be solved for a, m, c, b which are the secret components to generate all TAK keys in the network. 6 equations (=3+3) 10 variables (a, m, c, b) It can be shown that even capturing all N nodes in the network the attacker gets ~ q 4 – Nq free solutions for (a, m, c, b) which are still ~ q 4 if is N << q. Thus the scheme is N-secure. → ~ q 4 solutions

67
Doctorate Dissertation, L’Aquila, March 31 st 200967 WML okok Hp_x k Tuple Space AG Net Manager Comms okok okok AR Remote Tuple Space al[s k ] ADL TGMP msgs ARCHEA msgs TM ADL Component LCD

68
Doctorate Dissertation, L’Aquila, March 31 st 200968 al[s k ] Hp_x k Free_x i

69
Doctorate Dissertation, L’Aquila, March 31 st 200969 Hp_x k TM A B x 0 x F okok AG AR Remote Tuple Space ADL TM Component

70
Doctorate Dissertation, L’Aquila, March 31 st 200970 NetManager Component LCD Comms TGMP msgs RELEASE_ind(n i CH ) cm[s] Tuple Space ARCHEA msgs TAKS ARCHEA msgs ARCHEA msg TGMP msgs ARCHEA NetManager AR TAKgen ok/ko

71
Doctorate Dissertation, L’Aquila, March 31 st 200971 Network Topology Authentication Key Generation LCD k lj cm[s] Tuple Space TAKS ARCHEA k tj σ(j) AR TAKgen ok/ko ReplaceKey RevokeKey TinySec Comms TGMP TGMP msgs TGMP msgs RELEASE_ind(n i CH ) TAKS Component

72
Doctorate Dissertation, L’Aquila, March 31 st 200972 Route Cost Computation ARCHEA TAKS Comms ARCHEA Manager AR ARCHEA msgs RELEASE_ind(n i CH ) ARCHEA msgs ARCHEA Component

73
Doctorate Dissertation, L’Aquila, March 31 st 200973 TAK Gen. Management Prot.(TGMP)

74
Doctorate Dissertation, L’Aquila, March 31 st 200974 ARCHEA Protocol

Similar presentations

© 2017 SlidePlayer.com Inc.

All rights reserved.

Ads by Google